[greasemonkey-users] Dynamic window or iframe creation with data from a https page

[Damir Prebeg]

I use greasmonkey script to collect and process data from airbnb 
my_reservations page of my own property. 
Their web page sucks big time so my script assembles a list in a form of a 
table with all data I need about my guests (name, booking dates, number of 
guests, price etc.) and opens blank window where that table was written. I 
use unsafeWindow to write into that new window but recent security upgrades 
of FF (now i have FF 40) have broken my script. I used this code to create 
new window:

function fireNewTab(ret) {

    //var newTab = window.open ('about:blank', '_blank');
    var newTab = unsafeWindow.open ('about:blank', '_blank');
    var D = newTab.document;

    var scriptNode = D.createElement ('script');
    scriptNode.type = "text/javascript";
    scriptNode.textContent = "document.write(unescape('"+ret+"'));";

    var targ = D.getElementsByTagName ('head')[0];
    targ.appendChild (scriptNode);
}


Variable ret is assebled data. New window opens but it's blank because i 
get this error:


Content Security Policy: The page's settings blocked the loading of a
  resource at self ("script-src
  'sha256-8Kp4YIWqA8yhCJaTWnmB7Wv7OjnXnX661ygwccVuDRw='
  'sha256-RWjZjHViHqRaxuNn3Gqcy5tg2pM20UIGVdEcuv8LaCE='
  https://www.airbnb.com https: 'unsafe-eval' 'unsafe-inline' http:").



I have second script that creates an iframe on Hostelworld booking info 
page without any problems and it's also https. Bat the same code 
generates an CSP error on Airbnb page:

function createIFrame(InHTML){
        
        var docBody = document.getElementsByTagName ('body')[0];
        var iframe = document.createElement('iframe');

        iframe.frameBorder = 0;
        iframe.style.width = "100%";
        iframe.style.height = "1350px";

        docBody.appendChild(iframe);

        iframe.src = 'data:text/html;charset=utf-8,' + 
encodeURIComponent(InHTML);
        
}

Can anyone point me in the right dirrection how to bypass this restriction?

Here is https encription info from airbnb and hostelworld, maybe that has 
something to do with this problem:


Airbnb:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2
Hostelworld:
TLS_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS 1.2




-- 
You received this message because you are subscribed to the Google Groups 
"greasemonkey-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to greasemonkey-users+unsubscr...@googlegroups.com.
To post to this group, send email to greasemonkey-users@googlegroups.com.
Visit this group at http://groups.google.com/group/greasemonkey-users.
For more options, visit https://groups.google.com/d/optout.